Compromised: How To Know When Your Email/Password Has Been Stolen

Locked safe

We research Information Security incidents every day and we can tell you one thing for certain; your data is worth a lot of money to cyber criminals. A day doesn’t pass where we don’t read about another breach where an organizations employee or customer data has been stolen. This data often includes email addresses and sometimes even passwords. Even a password that has been encrypted before it’s stored can potentially be valuable in the right hands. So, is it possible to know if your email or password has been compromised? Yes!

Finding Compromised Accounts

Information security professionals have been able to utilize similar methods to collect details on data breaches including, in some cases, the data within those breaches. Unlike cyber criminals, security professionals have created ways to safely and securely use that data to help consumers, like you, identify if their accounts have been compromised. In most cases you simply enter your email address or common username(s), and the tool with identify whether or not that email address and/or username has been found in any known data breaches.

Disclaimer

We don't recommend that you go around and enter your email address and password into different websites. The below list of lookups have been reviewed by Rogue Security, both in terms of technical controls, and privacy controls.

Account Leak Lookup Services

Here is our trusted list of sites that you can use to search for whether or not your accounts have been compromised. All of the below resources are 100% completely free!

Enter an email address (or even username/phone number) and these services will return a list of data breaches that the email address (or other artifact) was found.

What Do I Do If My Email Comes Back As Being In A Breach?

If you haven’t already, you should change the password on your account on that individual service. Also, if you use that same password elsewhere then you should change the password on those accounts, as well. This is the reason why we don’t recommend the practice of re-using passwords between services. Not only does it put all of your accounts at risk if just one of them is breached, but it also makes it a lot harder for you to remember all of the places that you used that password. In summary:

  1. Reset your password on the account that was breached.
  2. Reset your password on any other accounts that might share the same password as the breached service.
  3. If any important accounts such as government or financial services accounts might be affected, contact each institution advising them so they may monitor your accounts more closely.

Your accounts are almost guaranteed to fall victim to a data breach at some point in your lifetime. Using separate passwords, and being aware of possible leaks is the best way to protect yourself as a consumer.